Windows 7 x64 Proxy no Proxy: Is it possible to force a computer to use a proxy server when the network location is set to Domain and when it is set to Home or Public set it so that it does not use a proxy?

Windows 7 x64 Proxy no Proxy: Is it possible to force a computer to use a proxy server when the network location is set to Domain and when it is set to Home or Public set it so that it does not use a proxy?

Is it possible to force a computer to use a proxy server when the network location is set to Domain and when it is set to Home or Public set it so that it does not use a proxy? We are deploying Windows 7 x64 to laptops using a K2000 box via scripted install and also images. Thanks

Comments

Answers

April 22, 2004: Added more complex examples to bypass proxy for multiple URL's.

August 15, 2003: Updated with example of bypassing proxy for a particular URL, and also mention WPAD.DAT to automatically configure Internet Explorer.

PROXY.PAC Files

Several of my clients have asked for a way to have browsers automatically pick up proxy settings if the PC (usually a laptop) is on the local LAN, but not use a proxy server if the PC is not on the local LAN. For instance, moving a laptop from a home network with no proxy server to the office LAN, with a BorderManager server.

The browser can be configured with a simple PROXY.PAC file. The PROXY.PAC file can be quite complex, providing for load-balancing, fault tolerance, or other uses. I would be happy to produce a custom proxy.pac file for you (as a paid consulting project). The examples here are pretty basic.

I have tested this PROXY.PAC file on Netscape, Mozilla, Firefox, Opera and Internet Explorer on Windows XP Professional and Windows 2000 Professional.

Note: This is not a method for remotely or permanently setting the proxy settings, which can be done in a number of ways (ZENworks, login script, proxy configuration files from Netscape or Microsoft, etc.) I will assume that you will visit the workstations and enter the proxy settings as necessary to point to the PROXY.PAC file. If the PC is to be moved off the local LAN, you will also need to copy the file to the PC.

How it works:

The .PAC file checks the local IP subnet address of the PC, and branches with an IF / ELSE statement. If the PC is located in a subnet that matches, a proxy server is used. If the PC is on any other subnet, a direct connection is used instead of the proxy.
function FindProxyForURL(url, host)
{
if (isInNet(myIpAddress(), "192.168.1.0", "255.255.255.0"))
return "PROXY 192.168.1.1:8080";
else
return "DIRECT";
}
In my example file #1, I check that the host is in the 192.168.1.0 (255.255.255.0) subnet. If it is, I tell the browser to use a proxy at IP address 192.168.1.1, using port 8080. Obviously, you may need to change the subnet, subnet mask and proxy address/port for your LAN configuration.

There are methods which can be used to check for multiple subnets in case you have more than one internal LAN subnet. Ask in the Novell Public Forums about more complex PROXY.PAC files. (Or hire me to develop one for your environment!)

Download my example PROXY.PAC file #1 HERE (simple version)

More Complex Version

I have had a number of occasions where I needed to bypass the http proxy for a particular web site. This is easily done with a PROXY.PAC file, by putting in an IF statement with the proper syntax. (You can have lots of IF statements if you want to do this for multiple web sites.)

Here is an example that bypasses proxy for a particular web site (principia.mo.techpaths.com) that was giving grief when going to it through the HTTP Proxy:

In this example you can add multiple URL's to NOT use a proxy, and then proxy everything else. In this example, you do not have a check for the local network, so it would not be a good example for a laptop that moves between networks.

In this method, you point to a file being made available via the BorderManager miniwebserver. For a simple PROXY.PAC file and a PC that says on the local LAN, this doesn't make a lot of sense, as it is easier to just enter the proxy server address and port numbers. However, this technique is useful when you have complex PROXY.PAC files which do load balancing, etc.

There are ways to push the proxy settings (including PROXY.PAC) files to any browser, but Internet Explorere tends to be the easiest. In fact, you can have Internet Explorer automatically discover your PROXY.PAC file without you even having to touch the browser, if the browser is left at default settings. This is done by renaming PROXY.PAC to WPAD.DAT, and launching it from web server, using a local DNS entry. Please see this tip on methods for configuring browsers to pick up proxy settings.